Logs: finding actions on Amazon S3 / other AWS services
Tags: Amazon, actions, logs, AWS

2023-09-11 08:20:20 Author: 温柔了十方春冬

I am trying to see which user was responsible for changes in S3 (at bucket level). I could not find an audit trail for actions done at S3 bucket level, or for EC2 (who created instances). Beanstalk has a log of the actions the machine performed, but not which user.

Is there a way around AWS that we can see this information in IAM or any other location?

P.S.: I am not interested in knowing about S3 log buckets, which provide access logs.

Recommended answer

Update

AWS has just announced AWS CloudTrail, finally making auditing API calls available as of today (and for free), see the introductory post AWS CloudTrail - Capture AWS API Activity for details:

Do you have the need to track the API calls for one or more AWS accounts? If so, the new AWS CloudTrail service is for you.

Once enabled, AWS CloudTrail records the calls made to the AWS APIs using the AWS Management Console, the AWS Command Line Interface (CLI), your own applications, and third-party software and publishes the resulting log files to the Amazon S3 bucket of your choice. CloudTrail can also issue a notification to an Amazon SNS topic of your choice each time a file is published. Each call is logged in JSON format for easy parsing and processing.

Please note the following (temporary) constraints:

Not all services are covered yet, though the most important ones are included in the initial release already and AWS plans to add support for additional services over time. Update: AWS has recently added Seven New Services, and another one today, see below.

Update: AWS has just added More Locations and Services, quickly approaching coverage of their entire Global Infrastructure indeed.

This is a long standing feature request, but unfortunately AWS does not provide (public) audit trails as of today - the most reasonable way to add this feature would probably be a respective extension to AWS Identity and Access Management (IAM), which is the increasingly ubiquitous authentication and authorization layer for access to AWS resources across all existing (and almost certainly future) Products & Services.

Accordingly, there is the following in the IAM FAQ along these lines:

Will AWS Identity and Access Management administrative actions be logged to an audit trail? No. This is planned for a future release.

Will user actions in AWS services be logged to an audit trail? No. This is planned for a future release.
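As an added example (not code from the question, the answer, or AWS), the following shows how a defender would read one CloudTrail log file of the kind the answer describes and answer the original question: which principal made a bucket-level change in S3, and who launched an EC2 instance. The record layout follows the CloudTrail event format (a top-level "Records" array with userIdentity, eventSource, eventName, requestParameters, responseElements and readOnly); the account id, user and role names, IP addresses, bucket and instance ids in the embedded sample are constructed placeholders, and the gzip handling assumes the file was fetched as delivered to the trail's S3 bucket.

```python
import gzip
import json

# Constructed sample CloudTrail log file (not a real account's data). The "Records"
# array and field names follow the CloudTrail event format; the account id, principal
# names, addresses, bucket and instance ids are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {   # an IAM user changing a bucket policy: the bucket-level change the question asks about
        "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLEPRINCIPAL",
                         "arn": "arn:aws:iam::111122223333:user/alice",
                         "accountId": "111122223333", "userName": "alice"},
        "eventTime": "2013-11-13T10:05:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "PutBucketPolicy", "sourceIPAddress": "203.0.113.10",
        "requestParameters": {"bucketName": "example-data-bucket"}, "readOnly": False,
    },
    {   # an assumed role launching an instance; role and session name are carried in the ARN
        "userIdentity": {"type": "AssumedRole", "principalId": "AROAEXAMPLEROLE:deploy-session",
                         "arn": "arn:aws:sts::111122223333:assumed-role/DeployRole/deploy-session",
                         "accountId": "111122223333",
                         "sessionContext": {"sessionIssuer": {"type": "Role", "userName": "DeployRole",
                                            "arn": "arn:aws:iam::111122223333:role/DeployRole"}}},
        "eventTime": "2013-11-13T10:07:30Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances", "sourceIPAddress": "203.0.113.11",
        "requestParameters": {"instanceType": "t1.micro"},
        "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0exampleid"}]}},
        "readOnly": False,
    },
    {   # a read-only call by the root user: answers "who looked", not "who changed"
        "userIdentity": {"type": "Root", "principalId": "111122223333",
                         "arn": "arn:aws:iam::111122223333:root", "accountId": "111122223333"},
        "eventTime": "2013-11-13T10:09:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.12",
        "requestParameters": None, "readOnly": True,
    },
]})

# Verb prefixes used as a fallback when an event carries no readOnly flag.
MUTATING_PREFIXES = ("Put", "Create", "Delete", "Run", "Terminate", "Modify", "Update",
                     "Attach", "Detach", "Start", "Stop", "Authorize", "Revoke")


def load_records(payload: bytes) -> list:
    """Parse one CloudTrail log file, gzip-compressed as delivered to S3 or already decompressed."""
    if payload[:2] == b"\x1f\x8b":  # gzip magic bytes
        payload = gzip.decompress(payload)
    return json.loads(payload).get("Records", [])


def describe_actor(identity: dict) -> str:
    """Turn a userIdentity block into a readable principal; assumed roles become role/session."""
    kind = identity.get("type", "Unknown")
    if kind == "IAMUser":
        return f"IAMUser:{identity.get('userName', '?')}"
    if kind == "AssumedRole":
        parts = identity.get("arn", "").split("/")  # ...:assumed-role/<role>/<session>
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        role = issuer.get("userName") or (parts[1] if len(parts) >= 3 else "?")
        session = parts[-1] if len(parts) >= 3 else "?"
        return f"AssumedRole:{role}/{session}"
    if kind == "Root":
        return f"Root:{identity.get('accountId', '?')}"
    return f"{kind}:{identity.get('arn') or identity.get('principalId') or '?'}"


def is_change(event: dict) -> bool:
    """True for API calls that modify state; reads are skipped."""
    if "readOnly" in event:
        return event["readOnly"] is False
    return event.get("eventName", "").startswith(MUTATING_PREFIXES)


def resource_of(event: dict) -> str:
    """Best-effort name of the resource touched: the bucket for S3, instance ids for EC2."""
    params = event.get("requestParameters") or {}
    if event.get("eventSource") == "s3.amazonaws.com":
        return params.get("bucketName", "-")
    if event.get("eventSource") == "ec2.amazonaws.com":
        items = ((event.get("responseElements") or {}).get("instancesSet") or {}).get("items", [])
        ids = [i["instanceId"] for i in items if "instanceId" in i]
        return ",".join(ids) or params.get("instanceType", "-")
    return "-"


def who_changed_what(payload: bytes, services=("s3.amazonaws.com", "ec2.amazonaws.com")) -> list:
    """Rows of time, actor, service:action, resource and source IP for mutating calls to the given services."""
    rows = []
    for ev in load_records(payload):
        if ev.get("eventSource") not in services or not is_change(ev):
            continue
        rows.append({"time": ev["eventTime"], "actor": describe_actor(ev.get("userIdentity", {})),
                     "action": f"{ev['eventSource'].split('.')[0]}:{ev['eventName']}",
                     "resource": resource_of(ev), "source_ip": ev.get("sourceIPAddress")})
    return rows


def demo_rows() -> list:
    """Round-trip the constructed sample through gzip, as a file delivered to the bucket would be."""
    return who_changed_what(gzip.compress(SAMPLE_LOG.encode()))


if __name__ == "__main__":
    for row in demo_rows():
        print(f"{row['time']}  {row['actor']:<40} {row['action']:<20} {row['resource']}  from {row['source_ip']}")
```

Two points worth keeping in mind when reading the output. For an assumed role, CloudTrail attributes the call to the role and the session name, not to the human who assumed it, so the session name (and the log of the AssumeRole call itself) is what ties a change back to a person. And filtering on readOnly keeps the report to actual changes; the ListBuckets record in the sample is dropped for that reason, which is exactly the distinction the question draws between "who changed a bucket" and the access logs it says it is not interested in.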